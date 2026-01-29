There are networking options that can be configured. The MTU for the control plane and high-speed interfaces can be configured. The default value is set to 1500, however it can be adjusted if required.

Copy Copied! spec: networking: controlPlaneMTU: 1500 # Management network MTU (range: 1280 - 9216 , default : 1500 ) highSpeedMTU: 1500 # High-speed interface MTU (range: 1280 - 9216 , default : 1500 )





Specify secrets for pulling container images. This is only necessary if your container registry requires authentication. If you are using the public GHCR registry, which is the default, you don't need to configure this.

Copy Copied! spec: imagePullSecrets: - "my-registry-secret" - "another-secret"





All system components deployed by the DPF Operator support standard Kubernetes resource requests and limits. Resources can be configured per component at the container level. Components may have multiple containers with different resource requirements that can be configured independently.

Below is an example of configuring resources for the SFC Controller component:

Copy Copied! spec: sfcController: controller: resources: requests: cpu: 6 memory: 2Gi limits: cpu: 8 memory: 4Gi

This pattern applies to all components listed in the Optional Component Configurations section below.

For production deployments, it's recommended to set appropriate resource limits based on your cluster's workload.

The following components can be configured to enable/disable features or specify a different container image.

By default, all components are enabled with preconfigured images, and changes are usually only needed for development, testing, or specific deployments.

Copy Copied! spec: cniInstaller: { } dpuDetector: { } dpuServiceController: { } flannel: { } kamajiClusterManager: { } multus: { } nvipam: { } ovsCNI: { } provisioningController: { } serviceSetController: { } sfcController: { } sriovDevicePlugin: { } staticClusterManager: { }

To disable a component or override its container image, use the following configuration:

Copy Copied! spec: sriovDevicePlugin: disable: true dpuDetector: daemon: image: "my-registry/my-dpu-detector:latest"

Warning Deprecated: Setting the image at component level (e.g., spec.dpuDetector.image ) is deprecated. Use the sub-component specific image field instead (e.g., spec.dpuDetector.daemon.image ).

For a detailed description of each component and its available configuration options, see

the API Reference.

spec.dpuServiceController.disableDPUReadyTaints : When set to true, disables the automatic tainting of DPU nodes when they're not ready.

Copy Copied! spec: dpuServiceController: disableDPUReadyTaints: true





spec.flannel.podCIDR : CIDR range for pod networking when using Flannel CNI.

Copy Copied! spec: flannel: podCIDR: "10.244.0.0/16"





Several components support additional deployment configuration options:

helmChart : Override the Helm chart repository/version for the component

Copy Copied! spec: multus: helmChart: "custom-repo/multus:v1.0.0"





spec.sfcController.SecureFlowDeletionTimeout : Used to control the secure flow deletion feature. The default value is 0, which means that the feature is disabled. When set with a valid duration value, indicating the API server unavailability threshold, SFC controller will delete all openflow flows to prevent unintended packet leaks, if API server is unavailable for more than the specified duration. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.

Copy Copied! spec: sfcController: SecureFlowDeletionTimeout: 5m





spec.provisioningController.bfbPVCName : (Required) Name of the PVC containing the BFB (BF Bundle) for provisioning DPUs.

spec.provisioningController.maxDPUParallelInstallations : Controls the maximum number of DPUs that can be provisioned concurrently. The default value is 50. The value must be at least 1.

spec.provisioningController.maxUnavailableDPUNodes : Maximum number of DPU nodes that can be unavailable during updates. The provisioning controller interacts with the maintenance-operator to implement the drain node effect. The number of nodes that can be applied node effect simultaneously is determined by MaxUnavailableDPUNodes in dpfoperatorconfig and MaxParallelOperations in the NodeMaintenance-operator configuration. NodeMainteanceOperator has higher priority than what is defined in the DPFOperatorConfig. The default value of DPFOperatorConfig.MaxUnavailableDPUNodes is 50. For the default MaintenanceOperatorConfig values see instructions in helm prerequisites.

The maxDPUParallelInstallations and maxUnavailableDPUNodes options can be configured together and can be combined with maxParallelOperations and maxUnavailable in Nvidia NodeMaintenance-operator configuration. Below are some examples to show the expected behaviour.

maxDPUParallelInstallations in DPFOperatorconfig maxUnavailableDPUNodes in DPFOperatorconfig maxParallelOperations in Nvidia NodeMaintenanceConfig maxUnavailable in Nvidia NodeMaintenanceConfig max number of DPUs in provisioning max number of Nodes under node effect in NodeMaintenanceOperator 5 1 10 5 up to 5 DPUs provisioning in parallel up to 1 node under node effect 1 5 10 10 up to 1 DPU provisioning up to 1 node under node effect 5 5 1 5 up to 5 DPUs provisioning in parallel up to 1 node under node effect 5 5 10 2 up to 5 DPUs provisioning in parallel up to 2 node under node effect

spec.provisioningController.bfCFGTemplateConfigMap : Name of ConfigMap containing bf-cfg template for DPU configuration.

spec.provisioningController.customCASecretName : Name of Secret containing custom CA certificates for secure communication.

spec.provisioningController.dmsTimeout : Timeout in seconds for DMS (DPU Management Service) operations.

spec.provisioningController.multiDPUOperationsSyncWaitTime : Wait time for synchronizing operations across multiple DPUs. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.

spec.provisioningController.registry : Configuration for the container registry used during provisioning. address : Registry address port : Registry port

spec.provisioningController.installInterface : Method for installing DPU firmware. Choose one: installViaHostAgent : Install via host agent installViaGNOI : Install via gNOI protocol installViaRedfish : Install via Redfish API with additional options: bfbRegistry.disable : Disable the BFB registry bfbRegistry.port : Port for BFB registry bfbRegistryAddress : Address of BFB registry skipDpuNodeDiscovery : Skip automatic DPU node discovery



Copy Copied! spec: provisioningController: bfbPVCName: bfb-pvc maxDPUParallelInstallations: 25 # Limit concurrent provisioning to 25 DPUs maxUnavailableDPUNodes: 5 dmsTimeout: 600 multiDPUOperationsSyncWaitTime: 30s customCASecretName: my-ca-secret registry: address: "registry.example.com" port: 5000 installInterface: installViaRedfish: bfbRegistry: port: 8080 skipDpuNodeDiscovery: false

The overrides section allows customization of system-level paths and settings. These are typically only needed for non-standard deployments or testing scenarios.

Copy Copied! spec: overrides: # Pause reconciliation of the DPFOperatorConfig paused: false # Kubernetes API server configuration kubernetesAPIServerVIP: "192.168.1.100" kubernetesAPIServerPort: 6443 # DPU filesystem paths for CNI dpuCNIPath: "/etc/cni/net.d" dpuCNIBinPath: "/opt/cni/bin" # DPU OpenVSwitch paths dpuOpenvSwitchBinPath: "/usr/bin" dpuOpenvSwitchRunPath: "/var/run/openvswitch" dpuOpenvSwitchSystemSharedPath: "/usr/share/openvswitch" dpuOpenvSwitchSystemSharedLib64Path: "/usr/lib64" # Flannel-specific overrides flannelSkipCNIConfigInstallation: false